Overview

overview

5

Static

static

3

031b510213...48.exe

windows7-x64

5

031b510213...48.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 15:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    031b51021391f3df4dc4bde87845ae48.exe

  • Size

    305KB

  • MD5

    031b51021391f3df4dc4bde87845ae48

  • SHA1

    25ec941793b87ae06ac8618b10effe36850fcb4e

  • SHA256

    59eab8782efca4915c44e44339bca67af99adfb3c4fafbad4c90d5c91605328f

  • SHA512

    7744380bb6b33aa9d5b2b0844d692ffd578b51366b7f98e0afb6b0f1db9b0adefbaba5de9c655957403c0f4247fe77aa78303b24f872f03371188f0fc9870b27

  • SSDEEP

    6144:U9UfckouAHqMH93xbc/V/ZtVVLJ/wvc4HvB4qmeSHRRwDsLcm9mD:ENky1NxbCtVa4qmhjwDsL+D

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\031b51021391f3df4dc4bde87845ae48.exe
    "C:\Users\Admin\AppData\Local\Temp\031b51021391f3df4dc4bde87845ae48.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2636
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\dttR2.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Windows\SysWOW64\expand.exe
        expand.exe "C:\Users\Admin\AppData\Local\Temp\ico.cab" -F:*.* "C:\progra~1\ico"
        3⤵
        • Drops file in Program Files directory
        • Drops file in Windows directory
        PID:3012
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://www.v258.net/list/list16.html?mmm
      2⤵
        PID:2512
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v258.net/list/list16.html?mmm
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2244
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1100

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d526fe0e87aa549753aaa2656f9af33c

      SHA1

      0b240544d21d4152259164c09cd5b97c06b12e22

      SHA256

      91e76996967517f418371251fb80f21c6be879f1671246464bc413457cf15abf

      SHA512

      07c62178be6f555fd76cd7f01d7479c39bc7cc64f3cf2b4b9f12b1f34338fb7b16b80619c5d50542b96dc23f104f624f49185dfba1dd67dbaa360a6f5d5641e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de78fe5ff3d185fc312d789c036582e6

      SHA1

      c3a69400cf90196923cac9add5c601b28a4ca762

      SHA256

      f671a0bec12e00c673bb3dfab0c43e9d919654798bd3d395c6f840abf4f28efd

      SHA512

      a9483eb32ea28be27c4f5de422cfb568afa78a54833f310d30fa96491ab25418d527fd4ed067316e8d3c60fe4943ff113aa57ae36576dd098ee0539dec9c9f2f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b19ece9cbaa2645d5586094d3fb7b103

      SHA1

      4aeb9bfba8e938f343c379ec93bea5697606f6b1

      SHA256

      79ce8ea1a74dca6a742e67d5b65187a4c75900d450e0394d75f2ae68fbdae5fa

      SHA512

      66e6d993e406772d62dc8c8a9b0b1b9d92f4605b40aef83097b7c04bcd9d0e90c7e93a20e56cf8594d15b74bde0ee7ed14e949d997c133b903e42f91ba758154

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de84f0b61d5179a503a8ffd98ba169fe

      SHA1

      42ccd91ed973a7340a017a2d8fdc4e618ca4937f

      SHA256

      d86c6c5044c3ed77f922300df3ee9dda21355a1422c0218a82be4ed539197ae8

      SHA512

      0de5451fb4e8bd46d633bba6809c1abe5bbd9ade213073e369d6e07ed55f744aa4b13db66d33bf70aa54433cfaaaad19935b1b10c03ddff6e433d3cb4460ebd4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      878586442cf2b6c4d23ddf5d8264e05f

      SHA1

      8cc7732b55514fcc51355e3005f8808c24e5a030

      SHA256

      b84a6c0977c83a361bf466134739dc3ff853972be7b9b6c6dc334d2da1dc925f

      SHA512

      884c0743b056125fe656641217f91a9fe3d085fd30f9f66cb6006994ad8c8baac558b43b70c8a52efaac64a2991c219f84caf53495f1c8df013f5e3f77e72880

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      152da0cd79ba231511348230e3511047

      SHA1

      d298c2f2dff4f5f91c5296122c4630157044c598

      SHA256

      11861ed7fd32c29f215c25098878e0034c5bae52876af25d4f4de5dd6147bc78

      SHA512

      8f2d2ec5cda93f065c6ae976d629cc023b4c04625e3298cda40a44c6b00efacb25c533ec9a1d6b4f9567154bd9a4d941314cfc4d9b7ddbddd66140cc523e6c2a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ab28178730bcd8c07d4a650e47e96125

      SHA1

      47a5ec9d1ff2fc41af32a0805f4f9375f2fc4b30

      SHA256

      cb71df15ca94effb2db423ab3c92c45c1b7d02cda2651b798696afe749838672

      SHA512

      026f4d01d858c5bb5784968c10d7c821753739a964bb4b72d883a24b1f8e5f6c588e5ae3bcb8af3d10058fa3fce97aff7fd3490773d7e25912ef02974ee8d6d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      25b1d70ef3bad9d6665c59e9afd40cf6

      SHA1

      e3c916deb36b4a029929804334fb3e894c9084c6

      SHA256

      66b4aa68366c373a987834e3e146a3afdda4e3807eadc3e7db56fe7953171bb5

      SHA512

      616c6abda4c1848791a95e22a53e7ee510f3809b9abe95cfdd685eb77bb0409d0443cec21cc2045948b84e1f756c8516977cf85f51318935bf8f84a7d10a7a7c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d519ea9038e041965fbfd4605cb87455

      SHA1

      31a45ec96d6dc040df34bb9a866fe7cace0ea2c6

      SHA256

      9c5be530055914b4bbb60c033b7ac435d92f4faf4e7721345e2e26c9676ce052

      SHA512

      cbc59c30cde0c2c6b523a77d0e3a042b32c919fef251c08934ed2a8ea47747c0b95ad7b7430c79723cc3ba68655f565b2d091767747472c2c6bf4e3b96159b4e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aa2e85f2a30bfeb83a62b0db4afddfc4

      SHA1

      4b5bcae61191e8166640e7a4389c44d39b672bc8

      SHA256

      eb59fac8202b7455af50198d952cdba0889f2fe5d1e374ba626a8d402cfb3d46

      SHA512

      f23585fcf992b55ff5090010b3282394382ee9d67fe41ec33a1c1eab48d29ff54965ffea6b6713d63a0e2e92476cee592036f15807d7e4567577ff77c3ec23c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      126376a92ae8037d668d6cd6305269e9

      SHA1

      1ec7e746fca8c3b86de3e8691d116aae56fc7b15

      SHA256

      a9b22835cdd0d6ad9716cec000483e2d6c8a18440211972bf270489bede61a83

      SHA512

      6cf14e5b68030e83d670862c54816bde826f148fb605d1effbea57b65219b6322d8766945af9972a1aa76335f229f0234d619cd9796467178b6cae4d3f758262

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bffb0d6d880a742c2628e64540189f47

      SHA1

      3cb880cee1b205d8141bb400d0cf7b3dd9d1f977

      SHA256

      bf112c7675f24da9167ecd32092f9d338e4840b55b209852e485b653f8d1fb02

      SHA512

      194a1e91c1f167ae56a8767defbb9b9f3ecac8f599799553df1104532281f8b01cf22bf20da8c5e47de51d6fa221e73dfaad16a9a38bd76eaedeb9cd5b4fdaab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      193508ed621500f3734e252b39b9a0cc

      SHA1

      314fc10b2a7c7d2a056052b68c8fe5c6d5572ba3

      SHA256

      2af291cf147d8f87332f7bb9b5157e7c7017be656737719a0716aa9db433b5b1

      SHA512

      43e4c828cb2fb1b4e94f4e6d9b8136ddc776a741d301d16e884890f65ee160c66168938fc3bff1134cc9587e4f440e4e2187bd044c98ade6b4aac53df0b826e7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d9352f734847caa77c4ae65ca6bc8b46

      SHA1

      228e63fa0db7206efd98771da2139719ab0a62aa

      SHA256

      fd743130a16ced4cde3614b253b43beef882f12eee2ec65c646337eaa2bb17b8

      SHA512

      1d2b20eaef615825542a13e67f215d8e81abe0d720d2b3fe64526f0eea2980d136949a90af5d897e4c8820a1408f7ed865603b987229f7b67687cfe75eebe6df

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab9232.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA2F9.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\dttR2.bat
      Filesize

      98B

      MD5

      ada787702460241a372c495dc53dbdcf

      SHA1

      da7d65ec9541fe9ed13b3531f38202f83b0ac96d

      SHA256

      0d0f600f95192d2d602dbda346c4e08745295f331f5a0349deae21705367b850

      SHA512

      c86091735b855691c89c7946145591dec6a6a6a36a2438d392587a9cc1f2d85c1ebe44fcff1cc9d94271a24ebbc2ca38639577a6f5c592e9e10517da26572708

      Download Submit

    • \??\c:\users\admin\appdata\local\temp\ico.cab
      Filesize

      18KB

      MD5

      f462d70986dc71a5ff375a82bd9e3677

      SHA1

      f3d9c09a0ff51d81377e15ae4e0e2fceaede142b

      SHA256

      69528b0fb4e1bc3fb8d92839d98e0717b3f680d98fdfcb9809a2f557aacab295

      SHA512

      5bd2d67bb78dc8c4275390667c135ed10c4733e46ce58ef524ea79869f740db00d2f4a37b949896edcbf1ebbfa1ab4dd16afab4418ff637322883435bb7543ec

      Download Submit

    • memory/2636-460-0x0000000000400000-0x0000000000542000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2636-470-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2636-0-0x0000000000400000-0x0000000000542000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2636-2-0x0000000000400000-0x0000000000542000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2636-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

      Filesize

      4KB

      Download